8/4 Why is everyone bashing Bush? Bash the dot coms, bash the
financial analysts, bash the consultants, bash msft, bash the
FCC.. Bush's role in the whole thing is very small- Presidents
are very limited in what they can do and I believe he is doing as
much "good" as anyone else could do. He might be doing it in a
different way but the "good" is still occurring.
What the hell is supporting our economy right now- energy,
construction and government spending- if Bush put restraints on
these we would be in deep shit. There is nothing he can do to
stimulate investment- government IT spending is going up
substantially but compared to what the private sector was doing
it's small potatoes and more geared towards larger companies-- ie
Boeing, EDS, Dyncorp, Lockheed. Is this good -- hell ya, as at
least it's better than nothing at all. result- flight to
quality....
\_ hi kinney!

8/4 What do most bio majors do once they've applied to med school
two years in a row and got rejected both times? Do most of them
just end up in the food service industry like history majors do?
\_ is the food service industry big enough for english, history, AND
bio majors?
\_ Don't forget philosophy, psychology, ethnic studies, women's
studies, religious studies, mass comm, sociology, and poli sci.
\_ No. Philosophy majors (unless going to law school), upon
graduation, immediately enter an eternal state of
unemployment.
\_ Soylent green is made of people! You've got to tell them!
Soylent green is people!
\_ I think many apply to med schools in other countries. And I
got the impression that those doing bad enough to not even
get into those have already changed majors by that point.
\_ Agreed
http://www.thinkgeek.com/images/zoom/despair-poster-stupidity.jpg
\_ From what I understand, there are other options for bio majors
besides med school. Some go into grad school, some go into
pharma, and some go into completely different career paths.
Most of the ones I know, however, ended up in pharma. -chaoS

8/4 If I have ADSL service from a company other than PacBell would it
be possible to disconnect the phone service without losing DSL?
\_ it should be, but you can bet that there will be lots of
trouble with the line in the future. Techs like to 're-use' pairs
that don't have 'dial tone' on them. They can't check for DSL,
so your line will very likely get inadvertently cut.
\_ but if this was true then there would be lots of SDSL-using folks
unhappy about it. Remember that SDSL does require a dedicated
phone line running to the telco's CO.

8/5 I've just set up a new firewall at home and I'm looking for a
tool to test it out. Any recommendations?
I'm also running a caching DNS server on the firewall and I'd
like to set up a rule that allows the server to make queries
and receive responses but that blocks inbound queries. I can't
seem to figure out how to do this though as my ipf fu is weak.
Any suggestions? Thanks.
\_ you want it so that you can run internal dns, but not have
external machines able to query your internal dns? Can you
run 2 nameservers on your network then?
\_ Not necessary to run 2 nameservers, that's overkill. BIND
has a directive which allows you to specify which servers
are allowed to query it. I'll double-check and get back to
you.
\_ somewhat obviously, the option you want is 'allow-query'.
\_ This does not seem to be a supported BIND4 directive.
Do you know if there is an equivalent?
\_ No, there is no equivalent.
\_ The caching nameserver handles the nameservice queries for
the internal nat'ed network. The dns for the public systems
in the dmz are handled by my isp.
In BIND8 you can tell it to bind() and listen() for connections
on selected IPs on the system, but I'm stuck running
BIND4 which doesn't support this feature. Thus I'm trying to
figure out an ipf rule that will allow me to run caching dns
while preventing '1337 h4x0r5 from trying to exploit the
nameserver.
\_ Why are you running BIND4? There's no good reason to.
\_ Okay, stuck was a bad choice of words. BIND4 for OpenBSD
has been audited while BIND8 has not. I just wanted that
extra level of protection and I wanted to avoid having
to install /usr/ports on the firewall in order to build
BIND8. Anyway it looks like I'm just going to have to
install BIND8. Thanks.
\_ Okay, let me get this straight. You're running BIND
on your firewall box. Are you INSANE?!? If you
care about having a secure nameserver, don't run
BIND. Run djbdns (Dan Bernstein's uber-paranoid
DNS server).
\_ OpenBSD BIND4 is audited. It's not the same as
stock BIND4 or BIND8. I thought about djbdns.
There are problems with the way that it does
recursive queries that break my webcache so
I can't use it.
As far as the firewall is concerned, if udp 53
is open on my internal ip but closed on my
external ip, external attacks cannot exploit
any weaknesses in BIND. This is the level of
security I'm looking for. (In case this box is
hacked, I've got another with a similar image
ready to go; I can just power that one on and
switch over while the regular machine is being
reimaged from known safe media)
\_ you could try ShieldsUp! at http://grc.com
\_ The guy who runs this site is a freak! I don't know
about the quality of his programs, but I would not
want to support him.
\_ why not? sure, his site looks unprofessional, but you have to
respect someone who codes win32 apps in asm. his denial of
service story is good reading too.
\_ go to http://www.dslreports.com click on tools then port scan.
\_ Thanks, I'll try this out.
\_ May I recommend nmapping your site from outside?
\_ I've performed a TCP connect(), SYN, FIN, Xmas, NULL, and
a UDP port scan. The only open ports that were detected were
tcp 22 (SSH) and udp 53 so most of my rules appear to be
working. The bits I want to test are the filters on input and
output packets with invalid source and destination addresses. I'm
an nmap novice and can't figure out how to do this. I suppose
I could just write a raw packet generator, but someone must
have already written one so I'm looking for recommendations.
Thanks.
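As an added example, not posted by anyone in this thread: an ipf.conf fragment that does what the original poster asked (the caching nameserver may query out and receive the replies, inbound queries on the outside interface are dropped) and also the input filter for bogus source addresses the last reply wants to test. The interface names ext0/int0, the public address 203.0.113.10, and the internal network 192.168.1.0/24 with the firewall at 192.168.1.1 are assumptions; substitute your own.

```conf
# Constructed ipf.conf fragment (assumed names: ext0 = outside interface,
# int0 = inside interface, 203.0.113.10 = firewall's public address,
# 192.168.1.1 = its inside address, 192.168.1.0/24 = internal network).
# ipf consults the state table before any rule, so replies to "keep state"
# traffic always pass; "quick" rules are first-match, so order matters.
# Note: ipf filters outbound packets BEFORE NAT rewrites them, so do not
# add an egress rule that expects to see 203.0.113.10 as the source.

# --- anti-spoofing: these sources can never legitimately arrive on ext0 ---
block in log quick on ext0 from 10.0.0.0/8 to any
block in log quick on ext0 from 172.16.0.0/12 to any
block in log quick on ext0 from 192.168.0.0/16 to any
block in log quick on ext0 from 127.0.0.0/8 to any
block in log quick on ext0 from 0.0.0.0/8 to any
# our own public address showing up as a source on the outside is a spoof
block in log quick on ext0 from 203.0.113.10/32 to any
# fragments too short to carry a full transport header cannot be filtered
block in log quick on ext0 all with short

# --- caching DNS: the server may ask out and get answers; nobody may ask in ---
pass out quick on ext0 proto udp from 203.0.113.10/32 to any port = 53 keep state
pass out quick on ext0 proto tcp from 203.0.113.10/32 to any port = 53 flags S keep state
block in log quick on ext0 proto udp from any to any port = 53
block in log quick on ext0 proto tcp from any to any port = 53

# --- internal clients may use the cache on the inside address only ---
pass in quick on int0 proto udp from 192.168.1.0/24 to 192.168.1.1/32 port = 53 keep state
pass in quick on int0 proto tcp from 192.168.1.0/24 to 192.168.1.1/32 port = 53 flags S keep state
```

Load it with `ipf -Fa -f /etc/ipf.conf` and watch `ipmon` while a host outside sends a query to 203.0.113.10: the query should show up as a logged block while the server's own lookups from the inside keep working.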